Re: secure data export

[Orna Agmon Ben-Yehuda]

On Fri, Jun 24, 2011 at 4:54 AM, Shachar Shemesh wrote:

> **
> On 24/06/11 00:35, Orna Agmon Ben-Yehuda wrote:
>
> Hello all security experts,
>
>  Hiya,
>
>
>  I would like to export data from a machine on a business's internal
> network on a safe media, such that only the files I want exported are on the
> media. Specifically, I consider the possibility that the machine may already
> be infected by a malware which adds business-sensitive data to all outgoing
> media, and would like to defend against such a theoretical malware. The
> question may be limited to text files.
>
> Things already considered:
> *The media is a CD, which will be written and then finalized. No USB
> devices.
> *An artificial file will be added to the data file, to fill the media as
> much as possible. This, however, leaves a part of the disk capacity unused -
> the part used for the structure table (what used to be FAT), which is a
> place where additional data can hide.
>
> Don't see how that helps.
>

The point of the additional file is to leave little room for anything else.
Regarding the FAT place: Assuming the CD ends up on an infected machine, or
falls into the wrong hands ( example: you want to make your client an offer
on a CD, but you do not wish to give the client info about other offers you
made, in this case the wrong hands are exactly the hands the CD goes to),
the infected internal machine and the infected external machine agree on the
interpretation of the extra space in the table sectors, and may communicate
information through it.

>
>  *The CD will be read in two different machines, with two different
> operating systems.
>
> Try "copied". The CD will be burned on one machine. Only the relevant files
> copied to another CD on a second machine, and again on a third machine. If
> any of these machines are not infected then only the information you think
> is there will actually be there.
>
>  One of the systems will be a bootable linux disk, to preserve its
> (hopefully) initial not-infected status. The listing of files will be
> performed including hidden files (ls -la in Linux). The person who wrote the
> files will read them, to verify they contain the correct information.
>
> If you copy the files rather than only read the disc, this step becomes,
> thankfully, unneeded.
>
> I think you mis-stated your security concerns, though. Assuming I can guess
> the reason for this requirement, I think you will not be able to satisfy
> yourself that the same unknown that has infected your computer has not also
> infected the Linux image you are booting from or the USB controller that
> does the actual writes. Depending on your level of paranoia (and when it
> comes to such scenarios, "paranoia" is the only conceivable description), I
> would suggest the following:
>
> The only way to avoid going into a loop over what an infinite resources
> theoretical attacker might do is to use a media that can have no room for
> hitchhiking information. My suggestion - print it out and OCR it on another
> machine. I seem to recall a distant story about PGP writing a program that
> did OCR helping during the printing (MD5 of the line, or something like
> that), but I doubt your paranoia will not suspect that that very same
> program also puts in unwanted information into that area.
>
> Of course, you might still claim that the virus will use one dot errors
> (either black pixels where white ones should have been or vice versa) in
> order to leak information out. Some careful math can put a limit on just how
> much information can leak this way before the dots themselves become
> noticeable, and hopefully we can prove that not enough information can leak
> to pose a real risk (i.e. - decide that the attacker can get all the
> information she wants that can fit inside 10 bytes, and we can live with
> that).
>
> Shachar
>
>  Questions:
> What else should I do?
> What about a malware compressing the data, using the extra space for
> additional data?
> If I compress the data to avoid further compression, how can the person
> verify it contains exactly what it should?
> What can I not defend against?
> Are such malware as I imagine known? For Linux? Windows?
>
> Thanks for considering the problem,
> --
> Orna Agmon Ben-Yehuda.
> http://ladypine.org
>
>
> ___
> Linux-il mailing 
> listlinux...@cs.huji.ac.ilhttp://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
>
> --
> Shachar Shemesh
> Lingnu Open Source Consulting Ltd.http://www.lingnu.com
>
>


-- 
Orna Agmon Ben-Yehuda.
http://ladypine.org
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Oleg Goldshmidt]

> The point of the additional file is to leave little room for anything else.
> Regarding the FAT place: Assuming the CD ends up on an infected machine, or
> falls into the wrong hands ( example: you want to make your client an offer
> on a CD, but you do not wish to give the client info about other offers you
> made, in this case the wrong hands are exactly the hands the CD goes to),
> the infected internal machine and the infected external machine agree on the
> interpretation of the extra space in the table sectors, and may communicate
> information through it.

Let's be clear about one thing. What is the primary concern:
preventing malware from spreading or preventing information from
leaking?

Depending on the answer some of the responses you've got may be more
relevant than others. E.g., I think that Shachar's comment about FAT
tables is correct in the context of malware propagation. If catching
steganographic messages is the point (as, e.g., I understood the
problem) then custom filesystem metadata is as good a channel as any.

I liked the idea of printing the stuff and OCRing it back, by the way.
A low tech / dead tree step in the middle is a good way to sterilize
bits. ;-)

-- 
Oleg Goldshmidt | p...@goldshmidt.org

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Hebrew encoding question

[Mordecha Behar]

I just got another digest email from Hamakor, and once again it is full of
question marks.
This usually means that a different encoding is being used.
However, my browser (and hence email client) is using Unicode (UTF 8). When
I tried viewing in various encodings (Hebrew IBM 862, Hebrew Windows 1255,
Hebrew ISO 8859-8 and 8859-8-1)I still just got question marks.
So, what encoding is Hamakor using to send these emails? And why aren't they
using anything standard?
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Orna Agmon Ben-Yehuda]

On Sat, Jun 25, 2011 at 9:28 PM, Oleg Goldshmidt  wrote:

> > The point of the additional file is to leave little room for anything
> else.
> > Regarding the FAT place: Assuming the CD ends up on an infected machine,
> or
> > falls into the wrong hands ( example: you want to make your client an
> offer
> > on a CD, but you do not wish to give the client info about other offers
> you
> > made, in this case the wrong hands are exactly the hands the CD goes to),
> > the infected internal machine and the infected external machine agree on
> the
> > interpretation of the extra space in the table sectors, and may
> communicate
> > information through it.
>
> Let's be clear about one thing. What is the primary concern:
> preventing malware from spreading or preventing information from
> leaking?
>
>
I assume malware spreads in various methods, and am not trying to disinfect
machines/prevent propagation of malware etc. I leave this to antiviruses.

I am trying to prevent a specific action of various possible (imaginary?)
malware, which attempt to export data as hitchhikers on data which is
exported anyhow. I do not assume the malware is trying to add itself to the
CD, in addition to the data.

The OCR idea is indeed nice. However, it is only good for small amounts of
data, or where the accuracy is not so important (English texts). It is not
so good for Hebrew or data (numbers), not to mention binary data.


> Depending on the answer some of the responses you've got may be more
> relevant than others. E.g., I think that Shachar's comment about FAT
> tables is correct in the context of malware propagation. If catching
> steganographic messages is the point (as, e.g., I understood the
> problem) then custom filesystem metadata is as good a channel as any.
>
> I liked the idea of printing the stuff and OCRing it back, by the way.
> A low tech / dead tree step in the middle is a good way to sterilize
> bits. ;-)
>
> --
> Oleg Goldshmidt | p...@goldshmidt.org
>



-- 
Orna Agmon Ben-Yehuda.
http://ladypine.org
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Shachar Shemesh]

On 25/06/11 21:58, Orna Agmon Ben-Yehuda wrote:


I am trying to prevent a specific action of various possible 
(imaginary?) malware, which attempt to export data as hitchhikers on 
data which is exported anyhow. I do not assume the malware is trying 
to add itself to the CD, in addition to the data.


The OCR idea is indeed nice. However, it is only good for small 
amounts of data, or where the accuracy is not so important (English 
texts). It is not so good for Hebrew or data (numbers), not to mention 
binary data.
Your suggestions assumed there was someone (human) able to go over the 
data and say "yes, this is what it is supposed to be". If this is large 
amounts of binary data, how do you plan to do that? You will need some 
computer that can be trusted. If you do have that, things are, already, 
much simpler.


Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Moish]

On 25/06/2011 21:06, Shachar Shemesh wrote:

On 25/06/11 21:58, Orna Agmon Ben-Yehuda wrote:


I am trying to prevent a specific action of various possible
(imaginary?) malware, which attempt to export data as hitchhikers on
data which is exported anyhow. I do not assume the malware is trying
to add itself to the CD, in addition to the data.

The OCR idea is indeed nice. However, it is only good for small
amounts of data, or where the accuracy is not so important (English
texts). It is not so good for Hebrew or data (numbers), not to mention
binary data.

Your suggestions assumed there was someone (human) able to go over the
data and say "yes, this is what it is supposed to be". If this is large
amounts of binary data, how do you plan to do that? You will need some
computer that can be trusted. If you do have that, things are, already,
much simpler.

Shachar



It's more of a logical issue than anything else.
If the "secret" data is not easily recognizable, then the
whole system is at fault.
Close the doors and check every bit. There's no other way.
  OR
Follow the output, check who'll access it, where and how,
in short, create a honeypot.

--
Moish

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Hebrew fonts on digital readers

[Steve G.]

I tried converting a text document containing Hebrew and Spanish to the
Kindle format. The Spanish was readable, but the Hebrew was junk. Although I
can read html in Hebrew on the Kindle, it does not let me read html
documents that are stored locally. I contacted Amazon, and was informed that
Hebrew is not currently supported on the Kindle, though they may be working
on it. I can convert the document to pdf, which I CAN read on the Kindle,
but then I can't use a dictionary for the Spanish, which is my goal in
transferring the document.

My question is: is there another digital reader (sony, barnes and noble,
borders, whoever), which can handle Hebrew charset? I am NOT talking about
iPad or a similar devices, as they are much too expensive, and of course any
netbook and up can read the documents in multiple formats.

Thanks,

Z.

-- 
Check out my web site - www.words2u.net
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew fonts on digital readers

[Omer Zak]

I am using the eMachines eM350 netbook for this purpose.
Except for short battery life (3 hours or so), it does the job for me.

Office Depot sells those netbooks for 1300NIS, which is a bit more
expensive than digital readers (typically 800-1200NIS), but it is a
general purpose computer.

And I was successful in installing Linux on it.

--- Omer


On Sat, 2011-06-25 at 14:16 -0600, Steve G. wrote:
> I tried converting a text document containing Hebrew and Spanish to
> the Kindle format. The Spanish was readable, but the Hebrew was junk.
> Although I can read html in Hebrew on the Kindle, it does not let me
> read html documents that are stored locally. I contacted Amazon, and
> was informed that Hebrew is not currently supported on the Kindle,
> though they may be working on it. I can convert the document to pdf,
> which I CAN read on the Kindle, but then I can't use a dictionary for
> the Spanish, which is my goal in transferring the document.
> 
> 
> My question is: is there another digital reader (sony, barnes and
> noble, borders, whoever), which can handle Hebrew charset? I am NOT
> talking about iPad or a similar devices, as they are much too
> expensive, and of course any netbook and up can read the documents in
> multiple formats.


-- 
Bottom posters are filthy heretics and infidels and ought to be burned
on the stake after having been tarred, feathered and having rotten eggs
thrown at their faces!
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Oleg Goldshmidt]

Orna Agmon Ben-Yehuda  writes:

> The OCR idea is indeed nice. However, it is only good for small
> amounts of data, or where the accuracy is not so important (English
> texts). It is not so good for Hebrew or data (numbers), not to
> mention binary data.

I thought you said the data you wanted to export was in plain text
files that someone could read and verify (for some definition of) that
the information in them is what it is supposed to be. This would imply
relatively small amounts of easy to parse data. I tried to think how
such simple files could be used by an attacker to transmit additional
unauthorized messages.

If you go binary (e.g., images) then an attack (of steganographic
type, at least) becomes so much easier, and I am not sure you can feel
safe without some trusted checksums for the files you wish to
export. I assume that, unlike AV, there will be no know signatures to
look for even if you know in advance what the contents of leaked data
are (the hidden message may be encrypted, etc.). 

-- 
Oleg Goldshmidt | p...@goldshmidt.org

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew fonts on digital readers

[Matan Ziv-Av]

On Sat, 25 Jun 2011, Steve G. wrote:

I tried converting a text document containing Hebrew and Spanish to 
the Kindle format. The Spanish was readable, but the Hebrew was junk. 
Although I can read html in Hebrew on the Kindle, it does not let me 
read html documents that are stored locally. I contacted Amazon, and 
was informed that Hebrew is not currently supported on the Kindle, 
though they may be working on it. I can convert the document to pdf, 
which I CAN read on the Kindle, but then I can't use a dictionary for 
the Spanish, which is my goal in transferring the document. My 
question is: is there another digital reader (sony, barnes and noble, 
borders, whoever), which can handle Hebrew charset? I am NOT talking 
about iPad or a similar devices, as they are much too expensive, and 
of course any netbook and up can read the documents in multiple 
formats.


You can change the fonts on the kindle[1], so if that is the only 
problem with the hebrew, you can use the kindle reader.


The browser indeed refuses browsing file://, so you can install a 
local httpd[2] to browse local files.


You can install fbreader[3] which has some form of hebrew support, and 
is in general a better reader software than the kindle reader.


[1] http://www.mobileread.com/forums/showthread.php?t=88004
[2] http://www.mobileread.com/forums/showthread.php?t=126128
[3] http://www.mobileread.com/forums/showthread.php?t=10737


--
Matan Ziv-Av. ma...@svgalib.org



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew encoding question

[Omer Zak]

What happens if you set the E-mail from Hamakor to regular (non-digest)
mode?
I receive my E-mail from Hamakor this way, and so far had no problems
with encodings.

>From inspection of the headers of an E-mail message which I received
from discussi...@hamakor.org.il:

1. It does not explicitly declare its encoding.

2. When my E-mail software is set to default encoding, it reads
correctly the E-mail.  Likewise, when the encoding is forced to be
utf-8.  When I forced it to use another encoding, the E-mail message
consisted of gibberish.

Thus, Hamakor's E-mails are encoded in utf-8 but don't explicitly
declare this encoding.

Therefore I suspect that Mordechai's E-mail by Web provider's default
encoding is different from utf-8, so any E-mail not explicitly declaring
itself to be encoded in utf-8 would be garbled en route.

--- Omer


On Sat, 2011-06-25 at 21:45 +0300, Mordecha Behar wrote:
> I just got another digest email from Hamakor, and once again it is
> full of question marks.
> This usually means that a different encoding is being used.
> However, my browser (and hence email client) is using Unicode (UTF 8).
> When I tried viewing in various encodings (Hebrew IBM 862, Hebrew
> Windows 1255, Hebrew ISO 8859-8 and 8859-8-1)I still just got question
> marks.
> So, what encoding is Hamakor using to send these emails? And why
> aren't they using anything standard?


-- 
"Kosher" Cellphones (cellphones with blocked SMS, video and Internet)
are menace to the deaf.  They must be outlawed!
(See also: 
http://www.zak.co.il/tddpirate/2006/04/21/the-grave-danger-to-the-deaf-from-kosher-cellphones/
 and 
http://www.zak.co.il/tddpirate/2007/02/04/rabbi-eliashiv-declared-war-on-the-deaf/)
My own blog is at http://www.zak.co.il/tddpirate/

My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.
WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew encoding question

[Mordecha Behar]

On Sat, Jun 25, 2011 at 11:59 PM, Omer Zak  wrote:

> What happens if you set the E-mail from Hamakor to regular (non-digest)
> mode?
>

Huh?
The email is called "Announcements Digest, Vol 6, Issue 2". I just called it
a digest, because that's what it is. I'm not reading it in digest mode, but
in plain email mode.



> I receive my E-mail from Hamakor this way, and so far had no problems
> with encodings.
>
> >From inspection of the headers of an E-mail message which I received
> from discussi...@hamakor.org.il:
>
> 1. It does not explicitly declare its encoding.
>
> 2. When my E-mail software is set to default encoding, it reads
> correctly the E-mail.  Likewise, when the encoding is forced to be
> utf-8.  When I forced it to use another encoding, the E-mail message
> consisted of gibberish.
>
> Thus, Hamakor's E-mails are encoded in utf-8 but don't explicitly
> declare this encoding.
>
> Therefore I suspect that Mordechai's E-mail by Web provider's default
> encoding is different from utf-8, so any E-mail not explicitly declaring
> itself to be encoded in utf-8 would be garbled en route.
>
>
The web client I am using is Gmail, and Hamakor's emails (all of them) are
the only ones that seem to have this problem.



> --- Omer
>
>
> On Sat, 2011-06-25 at 21:45 +0300, Mordecha Behar wrote:
> > I just got another digest email from Hamakor, and once again it is
> > full of question marks.
> > This usually means that a different encoding is being used.
> > However, my browser (and hence email client) is using Unicode (UTF 8).
> > When I tried viewing in various encodings (Hebrew IBM 862, Hebrew
> > Windows 1255, Hebrew ISO 8859-8 and 8859-8-1)I still just got question
> > marks.
> > So, what encoding is Hamakor using to send these emails? And why
> > aren't they using anything standard?
>
>
> --
> "Kosher" Cellphones (cellphones with blocked SMS, video and Internet)
> are menace to the deaf.  They must be outlawed!
> (See also:
> http://www.zak.co.il/tddpirate/2006/04/21/the-grave-danger-to-the-deaf-from-kosher-cellphones/and
> http://www.zak.co.il/tddpirate/2007/02/04/rabbi-eliashiv-declared-war-on-the-deaf/
> )
> My own blog is at http://www.zak.co.il/tddpirate/
>
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

[HAIFUX LECTURE] GPIO, SPI, and I2C Control from Userspace, the True Linux Way by Baruch Siach

[Eli Billauer]

On Monday, June 27th (TOMORROW), at 18:30, Haifux will gather to hear 
Baruch Siach talk about


   GPIO, SPI, and I2C Control from Userspace, the True Linux Way


---

Abstract

General Purpose Input/Output (GPIO), Serial Peripheral Interface (SPI), 
and Inter-Integrated Circuit (I2C), are common methods for digital 
communication between electronic components. The Linux kernel, being a 
popular choice for embedded solutions, provides a general abstraction 
layer for each of those communication methods. Modern Linux kernels also 
include drivers for many hardware modules implementing GPIO, SPI, or 
I2C. The abstraction layers provide a generic way to communicate with 
electronic devices, which is independent from the details of specific 
hardware implementation. Each abstraction layer provides API for kernel 
code, as well as userspace users.


In this talk I'll present the basics of each communication method, and 
its generic userspace interface that Linux provides.



Slides are available at 
http://haifux.org/lectures/258/gpio_spi_i2c_userspace.pdf





We meet in Taub (CS Faculty) building, room 6. For instructions see: 
http://www.haifux.org/where.html


Attendance is free, and you are all invited!



Future Haifux talks include:

11/7/2011 SSD fundamentals by Amit Berman
25/7/2011 How to Spread Knowledge Throughout the World While Wearing 
Only Your Slippers by Tomer Ashur.



We are always interested in hearing your talks and ideas. If you wish to 
give a talk, hold a discussion, or just plan some event Haifux might be 
interested in, please contact us at webmas...@haifux.org


--
Web: http://www.billauer.co.il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew fonts on digital readers

[Steve G.]

I am using the Kindle 2, but it looks like this is doable.

Could you be more specific on doing it? I prefer to just install the font
(which one do I use for Hebrew?) and not a web server. Do I have to use the
python update script, or is it possible to copy a few file to my Kindle?

It is not that easy for me to get a new one where I am, so I'd rather not
brick the device...

Z.

On Sat, Jun 25, 2011 at 2:41 PM, Matan Ziv-Av  wrote:

> On Sat, 25 Jun 2011, Steve G. wrote:
>
>  I tried converting a text document containing Hebrew and Spanish to the
>> Kindle format. The Spanish was readable, but the Hebrew was junk. Although I
>> can read html in Hebrew on the Kindle, it does not let me read html
>> documents that are stored locally. I contacted Amazon, and was informed that
>> Hebrew is not currently supported on the Kindle, though they may be working
>> on it. I can convert the document to pdf, which I CAN read on the Kindle,
>> but then I can't use a dictionary for the Spanish, which is my goal in
>> transferring the document. My question is: is there another digital reader
>> (sony, barnes and noble, borders, whoever), which can handle Hebrew charset?
>> I am NOT talking about iPad or a similar devices, as they are much too
>> expensive, and of course any netbook and up can read the documents in
>> multiple formats.
>>
>
> You can change the fonts on the kindle[1], so if that is the only problem
> with the hebrew, you can use the kindle reader.
>
> The browser indeed refuses browsing file://, so you can install a local
> httpd[2] to browse local files.
>
> You can install fbreader[3] which has some form of hebrew support, and is
> in general a better reader software than the kindle reader.
>
> [1] 
> http://www.mobileread.com/**forums/showthread.php?t=88004
> [2] 
> http://www.mobileread.com/**forums/showthread.php?t=126128
> [3] 
> http://www.mobileread.com/**forums/showthread.php?t=10737
>
>
> --
> Matan Ziv-Av. ma...@svgalib.org
>
>
>


-- 
Check out my web site - www.words2u.net
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew fonts on digital readers

[geoffrey mendelson]

Didn't we this discussion a couple of months ago? From what I can see nothing 
has changed. I think in the end the person asking bought an eVrit, which is 
really a PanDigital Memo with Hebrew support and Steimatzky DRM built in. 

Are they still 900 NIS?

Geoff.


-- 
Geoffrey S. Mendelson,  N3OWJ/4X1GM
Making your enemy reliant on software you support is the best revenge.











___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Orna Agmon Ben-Yehuda]

On Sat, Jun 25, 2011 at 11:33 PM, Oleg Goldshmidt wrote:

> Orna Agmon Ben-Yehuda  writes:
>
> > The OCR idea is indeed nice. However, it is only good for small
> > amounts of data, or where the accuracy is not so important (English
> > texts). It is not so good for Hebrew or data (numbers), not to
> > mention binary data.
>
> I thought you said the data you wanted to export was in plain text
> files that someone could read and verify (for some definition of) that
> the information in them is what it is supposed to be. This would imply
> relatively small amounts of easy to parse data. I tried to think how
> such simple files could be used by an attacker to transmit additional
> unauthorized messages.
>
> If you go binary (e.g., images) then an attack (of steganographic
> type, at least) becomes so much easier, and I am not sure you can feel
> safe without some trusted checksums for the files you wish to
> export. I assume that, unlike AV, there will be no know signatures to
> look for even if you know in advance what the contents of leaked data
> are (the hidden message may be encrypted, etc.).
>
> --
> Oleg Goldshmidt | p...@goldshmidt.org
>

I am currently thinking about text, but If the text contains lots of
numbers, then I cannot trust the person to recognize the errors by reading
the file. Oleg - I did not consider steganographic methods in my original
mail, before you raised the issue.



-- 
Orna Agmon Ben-Yehuda.
http://ladypine.org
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure data export

[Nadav Har'El]

On Sun, Jun 26, 2011, Orna Agmon Ben-Yehuda wrote about "Re: secure data 
export":
> I am currently thinking about text, but If the text contains lots of
> numbers, then I cannot trust the person to recognize the errors by reading
> the file. Oleg - I did not consider steganographic methods in my original
> mail, before you raised the issue.

Another issue to consider is that except for us die-hard Unix fans, when
most computer users think of "text", they don't think of ASCII text, but
rather of formats like PDF, MS-Word, and so on. With these, it is trivial
to insert an almost-unlimited amount of leaked information into the "text"
file, and a person who reads it on an ordinary word processor will not notice
any difference.

Orna, I think that unfortunately as time goes on the sort of problem you're
thinking about gets harder and harder to solve to any satisfaction.
There might be good solutions for short ASCII text files (Shachar's idea of
*copying* the data on the clean machine, not just *reading* it, was a good
one). But what if you do want to send a word-processor document? Or some
relatively-large source code? Or some numerical data that nobody can seriously
verify? Or photos? Or videos?

For the specific case of word-processor documents, there might be a simpler
(and more accurate) solution than printing and OCR: The copying machine (as
suggested by Shachar based on your verifying machine) can, instead of making
an accurate copy of the file, extract only the *visible* information the file,
e.g., the text and fonts, and copy it to a new file, while losing other
"hidden" information which might be present in the file. A trivial (though
perhaps suboptimal) way to do this is for that machine to export the document
to PDF; Presumably this conversion will lose all invisible information, and
if you assume your human verifier can verify the visible information somehow
(it isn't clear how...), you're safe.


-- 
Nadav Har'El|   Sunday, Jun 26 2011, 24 Sivan 5771
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |Seen on a box of animal crackers: "Do not
http://nadav.harel.org.il   |eat if seal is broken."

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il